CVE-2024-6362

{"id": "CVE-2024-6362", "cveTags": [], "metrics": {}, "published": "2024-07-29T06:15:02.700", "references": [{"url": "https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/", "source": "contact@wpscan.com"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"}, {"lang": "es", "value": " El complemento de WordPress Ultimate Blocks anterior a 3.2.0 no valida ni escapa algunos de sus atributos de bloque posteriores a la cuadr\u00edcula antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross Site Scripting almacenado"}], "lastModified": "2024-07-29T14:12:08.783", "sourceIdentifier": "contact@wpscan.com"}